The prevalence of cybercrime is one thing, but its broad variety is another. February may be the shortest month, but it included what not long ago might have been years’ worth of hacks, breaches, and attacks. From video game ransoms to vulnerable geniuses to political vigilantes to attempts to poison entire towns, the month was another dangerous and wild ride in the world of cybersecurity. Now let's take a look back at the top cyberattacks of February 2021.
Hackers Attempt to Poison a Florida Town’s Water Supply
The month’s most visible cyberattack was also its most disturbing—an unknown hacker hijacked a remote access computer system at a water treatment facility in Oldsmar, Florida. As a plant operator watched helplessly, the bad actor took control of his computer to elevate levels of sodium hydroxide in the town’s water supply, an action that could have had fatal consequences among Oldsmar’s 15,000 residents had it gone undetected.
Officials were quick to note, however, that even if the operator hadn’t quickly corrected the chemical levels, a system of failsafes almost certainly would have detected the alteration before the water reached the public.
Even so, this incident represents one of the most brazen and pernicious cyberattacks on a US city’s infrastructure ever recorded.
As frightening as such an attack appears, some security experts say it isn’t that unusual. Public utilities using remote access tools like the TeamViewer system used by Oldsmar are highly vulnerable to takeover by hackers. The good news is that there are usually enough failsafes in place to keep intrusions from having a noticeable impact. The bad news is that a hacker who manages to get around those additional safety measures could be a serious threat to public health and safety.
- Records Exposed: Water treatment chemical concentrations
- Type of Attack: Remote access hijack
- Industry: Municipality
- Date of Attack: February 8, 2021
- Location: Oldsmar, Florida
- While systems of failsafes provide some reassurance, public utilities and municipal functions in the U.S. are dangerously reliant on unsophisticated and outdated technologies.
Hacktivists Steal 70GB of Data from Right-Wing Social Platform Gab
Coming on the heels of the hacking and effective shutdown of Parler in January, a hacktivist group calling itself DDoSecrets accessed and leaked more than 70GB of personal data from users of Gab. Gab, which identifies itself as “a social network that champions free speech, individual liberty and the free flow of information online,” has been criticized for allegedly harboring far-right extremists and conspiracy theorists.
The stolen data includes both public profile information and more sensitive material such as passwords and posts from private groups and individuals. The data was apparently accessed through a SQL injection vulnerability, which allowed hackers to manipulate the site’s SQL database. Gab claims to have since patched that vulnerability and is currently undergoing a sitewide security audit. Gab says the leak is less damaging than it might appear since it does not collect personally identifiable information such as phone numbers or social security numbers.
- Records Exposed: Passwords, private and public posts and messages
- Type of Attack: SQL exploit
- Industry: Social media
- Date of Attack: Mid-February 2021
- Location: Pennsylvania
- In a consistently divided political climate, web entities on both sides face a greater likelihood of cyber sabotage and attacks from ideological opponents.
- While victim-blaming is never a good look, it may be wise for sites that are particularly likely to be targeted to bolster their security measures and perform regular audits.
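The Gab breach is attributed to SQL injection. The following is an added illustration, not code from the article or from Gab, of what that class of flaw looks like and how parameterized queries close it. The table, column names and the single account are constructed for the demo; the point is that when user-controlled text is spliced into the statement, characters such as quotes change the query's structure, whereas bound parameters are always treated as data.

```python
import sqlite3


def make_db():
    """Constructed in-memory database with one account (demo data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alice-password')")
    conn.commit()
    return conn


def count_matches_vulnerable(conn, username, password_hash):
    # Vulnerable pattern: user input is concatenated into the SQL text, so the
    # database cannot tell where the data ends and the query begins.
    query = (
        f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
        f"AND password_hash = '{password_hash}'"
    )
    return conn.execute(query).fetchone()[0]


def count_matches_safe(conn, username, password_hash):
    # Hardened pattern: placeholders are bound by the driver, so quotes or
    # SQL keywords in the input are just literal characters to compare.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone()[0]


def demo():
    """Run both lookups against the same inputs and report what each returns."""
    conn = make_db()
    legit = ("alice", "hash-of-alice-password")
    # Input containing a quote and an always-true clause: harmless as data,
    # structure-changing when concatenated into the SQL text.
    tautology = ("alice", "' OR '1'='1")
    # A perfectly ordinary value that happens to contain an apostrophe.
    apostrophe = ("o'brien", "irrelevant")

    results = {
        "legit_safe": count_matches_safe(conn, *legit),
        "legit_vulnerable": count_matches_vulnerable(conn, *legit),
        "tautology_safe": count_matches_safe(conn, *tautology),
        "tautology_vulnerable": count_matches_vulnerable(conn, *tautology),
        "apostrophe_safe": count_matches_safe(conn, *apostrophe),
    }
    # The concatenated query does not even survive an apostrophe in a name:
    # the statement becomes malformed and the database raises an error.
    try:
        count_matches_vulnerable(conn, *apostrophe)
        results["apostrophe_vulnerable_errors"] = False
    except sqlite3.OperationalError:
        results["apostrophe_vulnerable_errors"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same defect and the same fix apply to every SQL driver; the habit a code review should enforce is that no query text is ever built from request data, and that an automated check (a linter rule or a database audit of prepared-statement usage) backs up the review.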
Outdated File Transfer Technology Leads to Theft of Kroger Customers’ Personal Data
Hackers made off with potentially sensitive data from pharmacy and clinic customers, as well as that of current and former employees, of nationwide grocery chain Kroger. The attack, which occurred in late January and was made public in early February, exploited an Accellion File Transfer Appliance (FTA) that was nearing its end of life. In late 2020, Accellion advised users to upgrade to a newer technology, but Kroger apparently had yet to follow through.
Stolen data appears to include personally identifiable information such as social security numbers, medical histories, and insurance data, as well as some Kroger personnel files. The silver lining is that the hack may have impacted only customers using the chain’s Health and Money Services program, which is less than one percent of Kroger’s total customer base. Even so, for a chain with 2,200 pharmacies operating nationwide, that is a significant number of customers.
This is just the latest fallout from a large-scale December exploit of Accellion’s outdated FTA tool, which has also impacted the Washington State auditor’s office, the prestigious Jones Day law firm, the Reserve Bank of New Zealand, Australia’s financial regulation office, and the University of Colorado.
- Records Exposed: Passwords, medical histories, social security information, insurance data, personnel files
- Type of Attack: Third-party FTA exploit
- Industry: Healthcare
- Date of Attack: January 23, 2021
- Location: More than 2,000 locations nationwide
- Aging and outdated technology makes an irresistible target for bad actors.
- A security flaw in widely used third-party software can lead to multi-pronged attacks across a wide range of countries and industries.
- Businesses need to act with urgency when vendors tell them their security tools are out of date.
Mensa Gets Outsmarted by Hacker Exploiting Insecure Passwords
The British chapter of Mensa, the “largest and oldest high IQ society in the world,” faced internal upheaval after a cyberattack temporarily took down its website and several members resigned over security concerns. It appears as if an unknown attacker accessed the site using stolen credentials from a Mensa director.
While the organization claims that passwords for its 18,000 members were properly encrypted and were in the process of being hashed when the attack took place, several of the site’s technology administrators recently resigned in protest. Other members claim that the site recently sent them password reset data in plaintext, a charge Mensa denied.
Thus far, the breach’s only direct impact was when the Mensa site went offline briefly, but stolen data includes not only password information, but also instant messaging conversations, credit card numbers, home and email addresses, and the IQ scores of both accepted and rejected applicants. While some might be flattered to have their high IQ exposed to the public, it is still a clear and serious violation of these individuals’ privacy, along with their other personal information.
- Records Exposed: Passwords, credit card numbers, home and email addresses, private messages, IQ scores
- Type of Attack: Credential theft leading to data theft
- Industry: Nonprofit
- Date of Attack: Late January 2021
- Location: United Kingdom
- Even smart and tech-savvy organizations can fall victim to an unsophisticated data breach if their oversight of cybersecurity measures is slipshod.
- Storing sensitive information like passwords in plain text rather than encrypting and hashing it is a recipe for disaster.
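The Mensa story turns on two points: how member passwords were stored, and the claim that password reset data went out in plaintext. The following is an added example, not code from the article or from Mensa, showing the standard defensive pattern for both. Passwords are stored only as salted, iterated PBKDF2-HMAC-SHA256 hashes (a choice made for this example; the article does not say which scheme Mensa used), so the site never holds anything it could mail back to a user. A reset is handled with a random one-time token whose hash, not the token, is stored, and every comparison is constant-time.

```python
import hashlib
import hmac
import os
import secrets

# Cost parameter for PBKDF2-HMAC-SHA256; raise it as hardware gets faster.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm, cost, salt and derived key."""
    salt = os.urandom(16)  # fresh per-user salt defeats precomputed tables
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derived key from the stored salt and cost, compare in constant time."""
    try:
        algo, iterations, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def issue_reset_token() -> tuple[str, str]:
    """Create a one-time reset token.

    The token itself goes to the user (over the reset link); only its SHA-256
    digest is persisted, so a database leak does not hand out usable tokens.
    """
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode("utf-8")).hexdigest()
    return token, digest


def check_reset_token(presented: str, stored_digest: str) -> bool:
    """Validate a presented token against the stored digest in constant time."""
    digest = hashlib.sha256(presented.encode("utf-8")).hexdigest()
    return hmac.compare_digest(digest, stored_digest)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("verify right password:", verify_password("correct horse battery staple", record))
    print("verify wrong password:", verify_password("Tr0ub4dor&3", record))
    token, digest = issue_reset_token()
    print("reset token valid:", check_reset_token(token, digest))
```

Note that with this layout a "forgot password" flow cannot reproduce the user's password even if it wanted to; the only thing the server can send is a short-lived token, and the only thing it keeps is that token's hash.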
Hackers Steal Code and Data from “Cyberpunk 2077” Developer
It’s been a rough year so far for video game developer CD Projekt Red, the team behind the already infamous “Cyberpunk 2077” launch. The Polish company was already reeling from negative online reaction to the December release of its much-anticipated but reportedly buggy flagship game. Now it can add a security breach and ransom attempt to its list of recent headaches.
In early February, hackers accessed CD Projekt’s servers and subsequently posted a ransom note in which they claimed to have stolen multiple internal documents related to the company’s finances, HR processes, legal activities, and more. The hackers also claimed to have taken source code for several of the developer’s most valuable game titles, including “Cyberpunk 2077,” “Witcher 3,” and “Gwent.” After attempting to blackmail CD Projekt into buying its own property back, the hackers reportedly auctioned off the code to an unknown buyer, so this may be only the beginning of the story.
To give credit where it’s due, CD Projekt swiftly informed current and former employees of the data breach. While the company does not believe any personally identifiable information about employees or customers was stolen, it has encouraged its staff to take all reasonable protective precautions.
- Records Exposed: Video game source code
- Type of Attack: Unknown hack leading to ransom demand
- Industry: Game development
- Date of Attack: February 9, 2021
- Location: Poland
- Highly competitive industries like game development demand extra levels of security and scrutiny, as their intellectual property sells quickly on the black market.
- When breaches occur, offering transparency and assistance to potentially impacted employees and customers is generally the best course of action.
For more, check out the Top Cyberattacks of January 2021.
Stay Ahead of Cyberthreats
From outdated applications, to under-protected information, to particularly tempting targets, the one unifying factor in all of these cases is the danger that an organization lets down its collective guard. Contact Arctic Wolf today to learn about solutions and services that keep your organization alert, prepared, and ready to act against the latest cyberthreats.